Open relays and open proxies

SpamCop, for all the criticism it gets, DOES report abused proxies
quickly and with great reliability - far more reliably in the case
of proxies than, say, the human victims of the abuse. It might pay
to set up a special process with Spamcop to get those reports at an
unpublished box, and put them through an automated process to spot
any with the "proxy" keywords.

Pity that spamcop spams people.

Neil J. McRae wrote:

Pity that spamcop spams people.

Spam complints are not spam.

And the spam promoting SpamCop was from some spammer who didn't like
SpamCop.

Yes Neil, it is a shame. Is there any known way to opt out of spamcop?
I'm sure I could ACL out all SMTP traffic coming from their netspace.
Or better yet, set up an IDS rule that emails their upstream provider.
If a few of us did this I'm sure the spamcop folks would find a way to
make their spam engine a bit more selective.

The spamcop complaints that really set me off are the "spamvertised
website" complaints. Just the mere fact that you host a site that was
advertised by spam enjoins you in the spamcop chain of causation, even
if the spam mail did not originate from your network.

Since the PDRK is now ready to prove they have nuclear weapons, it's a
shame that the wasted spamcop computing resources could not be put to a
better use, such as DOS'ing the PDRK's uranium enrichment operation.

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

Christopher J. Wolff wrote:

The spamcop complaints that really set me off are the "spamvertised
website" complaints. Just the mere fact that you host a site that was
advertised by spam enjoins you in the spamcop chain of causation, even
if the spam mail did not originate from your network.

With the exception of Joe-Jobs, spamvertised websites should be terminated. The theory is that the spammer should not be making money from the spam. Take away their money and perhaps they'll learn not to send spam. Of course, perhaps you enjoy the extra money you make because the customer sent spam to someone and the website generated traffic that directly or indirectly made you money.

Also, SpamCop works with people concerning the reports. If I'm not mistaken, they'll turn off specific types of reports if you ask. Personally, I like to be aware of what my customers are doing when it can cause me problems in the long run.

-Jack

Try getting a few forged spamruns in your name, and having to go to
spamcop every time to report it was a forgery :stuck_out_tongue:

Paul

Paul Wouters wrote:

Christopher J. Wolff wrote:

The spamcop complaints that really set me off are the "spamvertised
website" complaints. Just the mere fact that you host a site that was
advertised by spam enjoins you in the spamcop chain of causation, even
if the spam mail did not originate from your network.

With the exception of Joe-Jobs, spamvertised websites should be terminated.

If a spammer is spamming about stocks, and includes a link to look up that stock via cnnfn.com, there's now a spamvertisement issue. Where do you draw the line? How do you, reading the spam, know with certainty that any domain name mentioned in that spam is in fact there with the permission of the domain holder?

The theory is that the spammer should not be making money from the spam. Take away their money and perhaps they'll learn not to send spam. Of course, perhaps you enjoy the extra money you make because the customer sent spam to someone and the website generated traffic that directly or indirectly made you money.

Also, SpamCop works with people concerning the reports. If I'm not mistaken, they'll turn off specific types of reports if you ask. Personally, I like to be aware of what my customers are doing when it can cause me problems in the long run.

If you have them turn off address munging, the spamcop user will then accuse you of helping your customers "list wash" when what you really wanted to do is get to the bottom of spam reports. Just a single spamcop report last week cost me about 4 hours of work. Turned out the spamcop user had given his email address to the company (a resort, in this case) in person, in writing. The resort had sent a note ASKING if the person would like to be on a mailing list. Didn't subscribe them, just asked if they'd like to subscribe.

Oh, and the guy blocked our entire netblock at the same time as putting in the spamcop report, making it impossible for our abuse desk to respond once we uncovered the facts. For all I know, they still have us blocked.

This kind of nonsense is at least as expensive as dealing with actual spam. And possibly does more damage to legitimate flow of traffic.

Dan

Jack,

Let me draw an inference from your reply. For example, in parts of our
community, there are ordinances against putting up A-Frame signs. (the
tin signs placed in or near intersections, generally used to advertise
real estate)

Each weekend the local P.D. confiscates these signs and stores them in a
holding pen.

Therefore, am I just as 'guilty' if I host A.B.C. Homes website, if they
choose to advertise new homes in this clearly illegal manner? The
A-Frame signs are a nuisance and use up professional time to remove,
just like spam.

There has to be a line drawn somewhere, wouldn't you think?

Regards,
Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

Christopher J. Wolff wrote:

Therefore, am I just as 'guilty' if I host A.B.C. Homes website, if they
choose to advertise new homes in this clearly illegal manner? The
A-Frame signs are a nuisance and use up professional time to remove,
just like spam.

There has to be a line drawn somewhere, wouldn't you think?

A) many spam emails use html links to pull graphics from the spamvertised site. By continuing to let the site run, even more bandwidth is being utilized (especially with todays broken MUAs).

B) most spammers make their money using their websites and not the spam itself. So long as the website exists, there will be a way for the spammer to propogate spam. Remember, it doesn't matter if the emailing account gets cancelled. Once the damage is done, the spammer can sit back and collect revenue via the website that was just adverted. However, if you cancel the website, the company ceases to generate revenue from the spam and is effectly shut down until they can bring the website back up *and* generate another spam run.

C) there are rarely good real world analogies for problems that exist on the 'net. Not only does the 'net afford us speed and convenience in our ability to communicate, it also allows for abuse to be at increased speeds, volume and convenience. If different A-frame signs showed up each and every day in large quantities throughout the city, the city would not just confiscate the signs. They would file charges, and if the owner of the real estate is aware of such activity, the owner would be held liable, or city ordinances would be changed to allow the owner to be held liable.

-Jack

:
:Christopher J. Wolff wrote:
:>
:> Therefore, am I just as 'guilty' if I host A.B.C. Homes website, if they
:> choose to advertise new homes in this clearly illegal manner? The
:> A-Frame signs are a nuisance and use up professional time to remove,
:> just like spam.
:>
:> There has to be a line drawn somewhere, wouldn't you think?
:>
:
:A) many spam emails use html links to pull graphics from the
:spamvertised site. By continuing to let the site run, even more
:bandwidth is being utilized (especially with todays broken MUAs).
:
:B) most spammers make their money using their websites and not the spam
:itself. So long as the website exists, there will be a way for the
:spammer to propogate spam. Remember, it doesn't matter if the emailing
:account gets cancelled. Once the damage is done, the spammer can sit
:back and collect revenue via the website that was just adverted.
:However, if you cancel the website, the company ceases to generate
:revenue from the spam and is effectly shut down until they can bring the
:website back up *and* generate another spam run.
:
:C) there are rarely good real world analogies for problems that exist on
:the 'net. Not only does the 'net afford us speed and convenience in our
:ability to communicate, it also allows for abuse to be at increased
:speeds, volume and convenience. If different A-frame signs showed up
:each and every day in large quantities throughout the city, the city
:would not just confiscate the signs. They would file charges, and if the
:owner of the real estate is aware of such activity, the owner would be
:held liable, or city ordinances would be changed to allow the owner to
:be held liable.

As much as I'd normally hate to append an example, the following is a real
gem.

If this were rigorously enforced, it would provide a mechanism for anybody with an axe to grind to take out any web site on the planet. Once all the commercial web sites had been taken off the air, the commercial web hosters would go out of business. Once all the web hosters were off the air, the access providers would go out of business (since there would be no interweb left for their customers to look at).

Billions of people stumble, blinking, out into the sunlight, deprived of their only usual means of communication with friends, and discover that they have neighbours...

... and then all die of SARS from the resulting unnatural proximity to other humans.

I say, do it. Let's take the humans out of the picture, and give the insects a chance to run the planet.

Joe

Joe Abley wrote:

If this were rigorously enforced, it would provide a mechanism for anybody with an axe to grind to take out any web site on the planet. Once all the commercial web sites had been taken off the air, the commercial web hosters would go out of business. Once all the web hosters were off the air, the access providers would go out of business (since there would be no interweb left for their customers to look at).

When dealing with any account, common sense is required. If a company is being advertised via spam without approval, they have good legal standing to go after the spammer. After all, sending out spam doesn't exactly help their business image.

Yet how many spams are sent out advertising pr0n and the websites never cancelled? How many get rich schemes? The last I checked, no-more-viruses.com was still at it and wasting my time by sending their filth to every role account I have.

-Jack

Tired old argument that completely misses the "with the exception of joe jobs" clause.

Yes, maybe I'm the only person here who has no idea what that means (in which case a private mail explanation would be fine).

Joe

Since there are probably others who don't know -
http://www.spamfaq.net/terminology.shtml#joe_job will enlighten you. And
the rest of that page explains lots of other spam jargon as well.

Tim Wilde

I don't need to forge my spam as being from any legitimate mailbox in order to promote a web site, and start off on the rapid spiral descent into insect nationhood.

Tired old argument that completely misses the "with the exception of
joe jobs" clause.

* jabley@isc.org (Joe Abley) [Fri 25 Apr 2003, 18:13 CEST]:

I don't need to forge my spam as being from any legitimate mailbox in
order to promote a web site, and start off on the rapid spiral descent
into insect nationhood.

You have been led to the water but still refuse to drink. A "Joe Job"
is when bulk mail is sent out in your name in order to make you look bad.
No services by the spammer are advertised, all he hopes to achieve is to
get you a bad reputation or even disconnected.

See Paul Wouters' recent mail to this august forum for a recent
example of a joe job.

  -- Niels.

> SpamCop, for all the criticism it gets, DOES report abused proxies
> quickly and with great reliability - far more reliably in the case
> of proxies than, say, the human victims of the abuse.

Pity that spamcop spams people.

Perhaps you could be more vague here?

There have been a number of spam threatening to be from SpamCop:
http://spamcop.net/fom-serve/cache/124.html

These emails are pretty clearly not from SpamCop.

If you're talking about the actual reports sent by SpamCop, they are
not unsolicited, because they're going to abuse and / or role accounts
(and are thus solicited implicitly). If you don't want to receive
SpamCop reports, I'm almost certain you can ask them not to send you
reports.

The spamcop complaints that really set me off are the "spamvertised
website" complaints. Just the mere fact that you host a site
that was advertised by spam enjoins you in the spamcop chain of
causation, even if the spam mail did not originate from your
network.

Not sure if you're trolling here, but spamvertised sites are against
most providers' AUPs, and should be terminated -- spammers don't care
if the account used to send UBE is disabled, but they do care about
keeping the site up long enough to make some money.

Obviously there are *some* cases that SpamCop reports incorrectly
(for instance, Traffic Magnet type spam where the customer's site is
mentioned in the spam), but these are *usually* due to user error.

While I may take some SpamCop complaints with a grain of salt (due to
past complaints that have proved to be false and / or accidental),
for the most part, SpamCop's logic is better than any other automated
reporting tool, and better than a human that doesn't know much about
email headers. Compared to the other false / accidental reports, spam,
viruses and other crap that hits our abuse and role accounts, SpamCop
isn't that bad - at least it lets you ask to receive no further
reports (if you're an innocent bystander or if you've already taken
action), and comes in a consistent, easy to identify and read, format.

I've seen a few cases where SpamCop misidentified the origin of a
message, but they were usually due to some sort of temporary glitch -
for the most part, their system works surprisingly well.

> Pity that spamcop spams people.

Spam complints are not spam.

they can be. and in spamcop's case, they usually are. for reference,
check http://www.mail-abuse.org/standard.html and decide whether robotic
spam complaints can or cannot often fit all of (1) (2) and (3) as shown.

And the spam promoting SpamCop was from some spammer who didn't like
SpamCop.

that's not what i'm referring to. spamcop has complained to me about
everything from rfc1918 addresses to mail/news gateway spam to mailing list
spam. i eventually had to just hard-reject all mail from spamcop in order
to make it stop. this kind of sloppy work just dilutes the mix and makes
valid hand-generated spam complaints less welcome by association with the
unending crap that comes out of spamcop's robotware.

(if it's any consolation to julian, the helpmesoft approach is even worse.)

Multiple other people have asked... one line URL response.

<http://www.spamfaq.net/terminology.shtml#joe_job>